package springboard.webapp.controller;

import com.yufeixuan.captcha.utils.CaptchaUtil;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.subject.Subject;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import springfox.documentation.annotations.ApiIgnore;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.Principal;

@Slf4j
@RestController
@RequestMapping("/api")
public class ConsoleController {

    @ExceptionHandler(IncorrectCredentialsException.class)
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    public @ResponseBody String handleException(IncorrectCredentialsException x) {
        log.warn(x.getMessage());
        return x.getMessage();
    }

    @ApiOperation("用户名/密码登录")
    @PostMapping("/login")
    public Object login(@ApiParam("用户名") @RequestParam("username") String username,
                        @ApiParam("密码") @RequestParam("password") String password,
                        @ApiParam("验证码") @RequestParam("captcha") String captcha,
                        @ApiIgnore HttpServletRequest request) {
        //if(!CaptchaUtil.ver(captcha, request)) throw new BadRequestException("验证码不正确");
        CaptchaUtil.clear(request);

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
        } catch(DisabledAccountException x) {
            throw new DisabledAccountException("该用户已经被冻结");
        } catch(Exception x) {
            log.warn(x.getMessage(), x);
            throw new IncorrectCredentialsException("登录名或密码错误");
        }
        return subject();
    }

    @ApiOperation("检查验证码")
    @GetMapping("/captcha/verify")
    public boolean verify(@ApiParam("验证码") @RequestParam("captcha") String captcha,
                          @ApiIgnore HttpServletRequest request) {
        return CaptchaUtil.ver(captcha, request);
    }

    @ApiOperation("验证码图片")
    @GetMapping("/captcha/image")
    public void captcha(@ApiIgnore HttpServletRequest request,
                        @ApiIgnore HttpServletResponse response) throws Exception {
        CaptchaUtil.out(request, response);
    }

    @ApiOperation("获取登入名（用户名、openid等）")
    @GetMapping("/subject")
    @RequiresAuthentication
    public String subject() {
        return ((Principal)SecurityUtils.getSubject().getPrincipal()).getName();
    }

    @ApiOperation("登出")
    @PostMapping("/logout")
    public Object logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "";
    }

}
